Abstract: In one set of embodiments, an enhanced next generation anti-virus (NGAV) system is provided. In certain embodiments, this system includes a hypervisor-level agent that backs up VM data only when an instance of a guest application running in the VM has been flagged by the NGAV system as being potentially malicious (rather than on a constant, proactive basis). Further, the hypervisor-level agent performs this backup only with respect to data modified by that specific guest application instance (rather than backing up all data modified by the VM) and writes the backed-up data to a secure storage location which is inaccessible to the guest. The combination of these features addresses many of the problems and inefficiencies of existing NGAV systems.

Abstract: In an example, a management node includes a processor and a memory communicatively coupled to the processor. The memory may include an advisory module to receive data related to a login pattern of a user over a period of time and predict a time to launch a virtual desktop session for the user based on the received data. Further, the advisory module may fetch, via a network, a security policy from a cloud-based endpoint protection platform prior to the predicted time. Furthermore, the advisory module may populate a virtual machine with the security policy before the user logs into the virtual desktop session. Then, the advisory module may create the virtual desktop session using the virtual machine populated with the security policy in response to a determination that the user logged into the virtual desktop session prior to an expiration of a timer.